[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [qemu-xen-traditional stable-4.6] hw/msmouse.c: Fix deref_after_free and double free

commit a4d48935c97839337f6aa8b2bb944e92bb9909df
Author:     Yunlei Ding <yunlei.ding@xxxxxxxxxx>
AuthorDate: Mon Mar 17 05:37:49 2014 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri Oct 16 16:52:06 2015 +0100

    hw/msmouse.c: Fix deref_after_free and double free
    
    msmouse_chr_close is only pointed by chr->chr_close in qemu_chr_close
    function. After calling chr->chr_close, chr will be freed. So we don't
    need to free it again here.
    
    Signed-off-by: Yunlei Ding <yunlei.ding@xxxxxxxxxx>
    (defect not identified by Coverity Scan)
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 hw/msmouse.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/hw/msmouse.c b/hw/msmouse.c
index 69356a5..2d2703b 100644
--- a/hw/msmouse.c
+++ b/hw/msmouse.c
@@ -61,7 +61,6 @@ static int msmouse_chr_write (struct CharDriverState *s, 
const uint8_t *buf, int
 
 static void msmouse_chr_close (struct CharDriverState *chr)
 {
-    qemu_free (chr);
 }
 
 CharDriverState *qemu_chr_open_msmouse(void)
--
generated by git-patchbot for /home/xen/git/qemu-xen-traditional.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.